Method and device for entering a computer database password

ABSTRACT

The invention relates to computers, more particularly to a method and apparatus for entering a password to gain access to computer databases. The object of the invention is to provide efficient protection of the user&#39;s password from reproduction by an unauthorized person, to substantially increase the number of possible combinations and to create passwords that are maximum easy for the users to memorize. An embodiment of the invention comprises entering parameters of a password entry dynamic image to a computer; displaying to the user the dynamic image with the selected parameters; pointing at least one predetermined object of the dynamic image that has taken a user-predetermined position in space and/or state in time. Another embodiment comprises setting a predetermined access code in the form of a rhythmic pattern; preliminary entering said rhythmic pattern via a user&#39;s entry device to a computer to store and use the rhythmic pattern in subsequent password entries; when entering the password, entering said rhythmic pattern via a set of contact means of the user&#39;s entry device.

FIELD OF THE INVENTION

[0001] The present invention relates to computers and specificallyrelates to a method for entering a password to gain access to computerdatabases and an apparatus for implementing the method.

BACKGROUND OF THE INVENTION

[0002] A method is known for entering a graphical password whichrequires a user to touch, via a mouse, areas of a graphical image on adisplay in a predetermined sequence (U.S. Pat. No. 5,559,961, IPC G06F11/00, published on Sep. 24, 1996).

[0003] The password, however, suffers from insufficient security.Firstly, an unauthorized person can oversee and repeat the process ofentering data of the password. Secondly, the number of password patternsthat could be generated is small and the patterns are easy to produce bytrial and error. In addition to the insufficient security, the prior artmethod suffers one problem more—not every password selected by the usercan be easily memorized. To gain access to numerous databases, the usermust remember a plurality of different password patterns, which becomesimpossible due to abundance of such systems.

[0004] A method is also known for entering a password, involving the useof changing graphical images, such as digits, which requires a user toperform logical operations, such as subtraction, on images of digitsthat are displayed and conceived (JP Patent No.6-214954, IPC G06K 15/00,3/02, published on Aug. 5, 1944). Security provided by the method isquite high, but the required additional logical operations increase loadon the user.

SUMMARY OF THE INVENTION

[0005] The object of the present invention is to provide a method andapparatus for entering a password to gain access to computer databases,that would overcome the aforementioned problems of the prior art. Thepresent invention provides the following technical result: efficientprotection of the user's password from reproduction by an unauthorizedperson, substantially increased number of possible combinations toprevent learning the password by trial and error, and at the same timeprovision of passwords that are maximum easy for the users to memorizeand convenient to enter.

[0006] The above technical result is attained in a method for entering apassword to gain access to a computer database, in accordance with thepresent invention, comprising the steps of: determining parameters of apassword entry dynamic image; entering said parameters via a user'sentry device to a computer and storing the parameters; displaying to theuser on a display said dynamic image with the user-determinedparameters; pointing, via time pointing means, at least onepredetermined object of the dynamic image that has taken auser-predetermined position in space and/or state in time; comparing thestored parameters of the password entry dynamic image with parameters ofsaid pointed objects of the dynamic image and, responsive tocorrespondence between said parameters, identifying the password.

[0007] The dynamic image is preferably a set of several screens, eachhaving a time-variable state, wherein appearance of said predeterminedobject on at least one predetermined screen is pointed via the user'stime pointing device, the state of the screen being preferablyperiodically varied.

[0008] The parameters of the dynamic image are preferably selected fromthe group including a number of screens, a number of objects displayedon each of the screens, a state modification mode of each of thescreens, a state modification rate of each of the screens, an indicationof the order and screen on which the objects of the dynamic image are tobe selected, an indication which of the screens are significant forentering the password, and combinations of the said parameters.

[0009] The dynamic image may be an animated image including animatedobjects that vary position in space and/or state in time, whereinappearance of a predetermined object in at least one position and/orstate is pointed via the user's time pointing device. The parameters ofthe dynamic image are selected from the group including a number ofanimated objects, an animation rate of the objects, an indication inorder the animated objects are to be selected, and an indication whichof the animated objects are significant for entering the password.

[0010] The above technical result is also attained in an apparatus forentering a password to gain access to a computer database, in accordancewith the present invention, comprising: a user's entry device forentering parameters of a password entry dynamic image; a display fordisplaying to the user the dynamic image with the user-selectedparameters; time pointing means for pointing at least one predeterminedobject of the dynamic image that has taken a user-predetermined positionin space and/or state in time; means for storing the entered parametersof the password entry dynamic image, comparing said stored parameterswith parameters of the pointed objects of the dynamic image and,responsive to correspondence between said parameters, identifying thepassword.

[0011] The time pointing means preferably comprises at least one contactmeans to point the time when actuated by the user, and can be based onat least one entry device selected from the group including a mouse, akeyboard and a graphics tablet.

[0012] The apparatus for entering a password further comprises means forimplementing a state variation mode of each of the screens, a statevariation rate of each of the screens, an animation rate of objects ofthe dynamic image, an order of selection of objects of the dynamic imageon respective screens responsive to a user-entered indication which ofthe actuated contact means are significant for entering the password.

[0013] The above technical result is attained in a method for entering apassword to gain access to a computer database, in accordance with thepresent invention, comprising the steps of: setting a predeterminedaccess code in the form of a rhythmic pattern; preliminary entering saidrhythmic pattern via a user's entry device to a computer to store anduse the rhythmic pattern in a subsequent password entry; when enteringthe password, entering said rhythmic pattern via the user's entrydevice; comparing the stored rhythmic pattern with the entered rhythmicpattern and, responsive to correspondence between them, identifying thepassword.

[0014] The rhythmic pattern is preferably a fragment of a musiccomposition, wherein contact means in a set of contact means areassigned functions of keys of a musical instrument.

[0015] The user's entry device may comprise at least one contact means,wherein a duration of each actuation of said contact means in thesequence of actuations is determined for entering the rhythmic pattern.

[0016] Additionally, the rhythmic pattern may be a combination of longand short actuations of said contact means.

[0017] The above technical result is also attained in an apparatus forentering a password to a computer database, in accordance with theinvention, comprising: a user's entry device for entering a rhythmicpattern to a computer; means for storing the pre-selected rhythmicpattern entered via the user's entry device; means for comparing thestored rhythmic pattern with a rhythmic pattern entered by the user atsubsequent password entries and, responsive to correspondence betweenthem, identifying the password.

[0018] The user's entry device is preferably selected from the groupincluding a mouse, a keyboard and combination thereof, wherein a set ofcontact means for entering the rhythmic pattern is selected from saidkeyboard and mouse, and each element of the rhythmic pattern maycorrespond to actuation of one of the contact means.

[0019] Furthermore, the set of contact means may include groups ofcontact means having the same function so that to each element of therhythmic pattern corresponds to actuation of any one of contact means insaid group of contact means.

BRIEF DESCRIPTION OF THE DRAWINGS

[0020] The invention will become more apparent from the followingdetailed description of its embodiments taken in conjunction with theattached drawings in which:

[0021]FIG. 1 illustrates a first embodiment of a method for entering apassword using a set of images that are dynamically displayed on auser's computer display;

[0022]FIG. 2 illustrates a second embodiment of a method for entering apassword using an image with a dynamically changing content displayed ona user's computer display;

[0023]FIG. 3 represent in details the steps of a method for entering apassword according to the second embodiment.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

[0024] In a first embodiment of a method is accordance with the presentinvention (FIG. 1), a user predetermines a number of screens, type ofimages to be displayed of each of the screens, a number of objects to bedisplayed on each of the screens, and an order and screen on which theobjects of the dynamic image are to be selected. The user furtherdetermines which contact means (e.g. left or right button of a mouse ora certain key on a keyboard, etc.) will be used to point the time ofappearance of a predetermined object on a screen. The predeterminedobject of the dynamic image is an object that has taken a user-conceivedposition in space and/or state in time.

[0025] The user can further determine which of the screens aresignificant for entering a password and which are not, i.e. which of thescreens will be used to enhance security of the password entry.Respective user's settings are registered in software.

[0026] According to FIG. 1, a user is suggested to monitor appearance ofgraphic objects, predetermined for creating a password, on auser-defined number of screens (four in this case). The time when auser-predetermined object appears on each screen is pointed via aselected contact means, e.g. by click of the left button of a mouse orby depression of a selected key on a keyboard. Contents of each screenmay change periodically, any number of times according to the user'swish and at a selected rate. By way of example, a number of picturesperiodically displayed on each screen is 20. A password can be definedby the user, e.g. as follows: appearance of a tiger on the right upperscreen; appearance of a parrot on the left lower screen; appearance of ashark on the left upper screen; appearance of a butterfly on the rightlower screen. This means that the first time mark made by the contactmeans is addressed to the right upper screen; the second one isaddressed to the left lower screen; the third one is addressed to theupper left screen, and the forth one is addressed to the right lowerscreen, which corresponds to the user-defined order of selection of theobjects on respective screens. A feature of the password entry is thatwhen pointing the time of appearance of a predetermined object theprocess of displaying the objects will be continued until the passwordis completely entered. Nothing reveals the password entry process on thedisplay, therefore, an unauthorized person could not know the appearanceof which object and on which screen is being monitored by the user, i.e.the appearance of which objects on which screens and in which order ispointed by the user.

[0027] Functions of storing the entered parameters of the password entrydynamic image, comparing said stored parameters with parameters of thepointed objects of the dynamic image and, responsive to correspondencebetween the parameters, identifying the password are implemented in anappropriate software.

[0028] The password entry process can be realized in a number of ways.First, selection of password objects is not mandatory on every screen,i.e. in determining a number of screens to be displayed the user mayspecify any number of significant screens, e.g. three. In this case, apassword will consist of any three objects of the dynamic image. Second,a particular contact means may be selected to point the time ofappearance of each of the objects. In this case, an exemplary passworddescribed above with reference to FIG. 1 will be as follows. If theuser's password corresponds to appearance of a tiger on the right upperscreen, a parrot on the left lower screen, a shark on the left upperscreen and a butterfly on a right lower screen, the user may point thetime of appearance of a tiger via the left button, a parrot via theright button, a shark via the left button, and a butterfly via the leftbutton of the mouse. Therefore, the user himself selects the security ofhis (or her) password and complexity of its memorizing. Third, whensetting a password the user may select contact means insignificant forcreating the password. That is the right button of the mouse isinsignificant in the described password, hence, it does not affect thepassword entry when depressed. This further enhances the passwordprotection from an unauthorized viewer—in addition to the fact that theviewer does not know the appearance of which object and on which screenis being monitored by the user, he (or she) does not know whether theappearance of this object is significant for the password, i.e. whetheractuation of a certain contact means is significant for the passwordentry.

[0029] In another embodiment illustrated in FIG. 2, a user is suggestedto monitor selected objects that are united in a dynamic (animated)image. According to FIG. 2, objects shown in the displayed picture, suchas a child, a ball, a fish and a butterfly, change their position inspace, while an object, such as a bird, changes its state, i.e. isflying, without changing its coordinates. The time when the animatedobjects take a predetermined position in space or a predetermined statein time is pointed by the user via any one selected time pointing device(e.g. by click of a mouse or depression of a selected key on akeyboard). The user's password may correspond to the states of theanimated objects at the instants when the fish is in water with its head(FIG. 3a), the child sits still near the ball (FIG. 3b), the ballappears on the screen (FIG. 3c), the butterfly is above the rightmostumbrella (FIG. 3d) and the bird's wings are up (FIG. 3e). Therefore, thefirst time mark, e.g. the first click of the mouse, is addressed to thefish, the second one is addressed to the child, the third one isaddressed to the ball, the forth one is addressed to the umbrella, andthe fifth one is addressed to the bird, which must correspond to theuser-defined order of selection of the animated objects.

[0030] A feature of the password entry is that when pointing the time ofappearance of a predetermined object at a predetermined point of spaceor attainment by a predetermined object of a predetermined state intime, the process of displaying the animated objects will be continueduntil the password is completely entered. Nothing reveals the passwordentry process on the display, therefore, an unauthorized person will notknow which position in space and/or state in time is being monitored bythe user, and in which order they are pointed by the user. The animatedobjects are repeatedly displayed at the user-defined animation rate inthe case the user has not managed to timely point a respective object inthe predetermined position. All of the described features of passwordcreation can be used: selection of all of the animated password objectson the dynamic object is not mandatory, i.e. when determining objectsfor the password entry the user may declare any objects to besignificant.

[0031] Such functions as selection of a state modification mode of eachof the screens, determination of a state modification rate of each ofthe screens, determination of an object animation rate of the dynamicimage, an order of selection of objects of the dynamic image onrespective screens responsive to the user-entered indication as to whichof the actuated means are significant for the password entry, areimplemented by an appropriate software.

[0032] To enter a password that represents a rhythmic pattern, the usermust enter a predetermined rhythmic pattern via predetermined contactmeans. The rhythmic pattern may be a fragment of a music composition,and the contact means may be assigned functions of keys of a musicalinstrument.

[0033] By way of example, a user selects the left and right buttons of amouse as a password entry device. The user's password can be set asfollows: three depressions of the left button, two depressions of theright button, three depressions of the right button, two depressions ofthe left button, three depressions of the right button, one depressionof the left button, one depression of the right button, one depressionof the left button, one depression of the right button, and twodepressions of the left button. Such a seemingly difficult-to-memorizepassword represents a popular melody, “Dog's waltz”, played on two keysof a key-driven musical instrument. The password is hard to oversee andrepeat, as the user's hand fully covers the mouse, and the fingers stayconstantly on both contact means—it is difficult to realize which buttonof the mouse is depressed and how many times. Only the user knows thekey melody which facilitates memorizing the password as a respectiverhythmic pattern, and the number and order of actuations of each of theselected contact means. In creation of such a password, the user mayselect as contact means for the password entry any means from the groupincluding keyboard keys, mouse buttons and combinations thereof, as wellas combinations of contact means having identical functions. By way ofexample, to enter the aforementioned password the user may select theupper (numeric) row of the keyboard instead of the left mouse button,and the right field of the keyboard, also numeric, instead of the rightmouse button. In the process of the password entry, each button in everygroup of buttons has identical meaning. Therefore, it is not importantwhich of the buttons in the group is depressed, only the group—right orleft—to which it belongs is of importance. This method of entering apassword enhances protection from an unauthorized viewer, because theviewer not only does not “hear” the rhythmic pattern being entered, butdoes not know either which of the contact means corresponds, by itsmeaning, to each element of the code. The rhythmic pattern code maycontain any number of “sounds”, i.e. depressions of the contact means,depending on the user's ability to memorize it.

[0034] The user-entered rhythmic pattern is compared with the pre-storedrhythmic pattern and the password is identified responsive tocorrespondence between them. These functions can be implemented by asoftware.

[0035] In an embodiment, a rhythmic pattern may be entered as acombination of long and short actuations of user-defined contact means.

[0036] The process of entering a password in the form of a rhythmicpattern is not accompanied by displaying any images on the screen, andaccess to a computer database cannot be gained until the password iscompletely entered.

[0037] The password entry using a dynamic picture possesses thefollowing advantages: a great number of possible combinations can becreated as each of the animated objects may take a sufficient number ofeasily memorized positions; protection from an unauthorized person, anintruder, can be enhanced by any one of the described means orcombinations thereof. Therefore, a method for entering a password inaccordance with the invention overcomes basic problems encountered bythe user in selection, memorizing and protection of his (or her)password for gaining access to computer databases.

[0038] The password entry using a rhythmic pattern possesses thefollowing advantages: a great number of combinations created on thebasis of popular melodies and rhythms provide easy and simple memorizinga password by user; methods for entering rhythmic patterns additionallyenhance protection from an unauthorized viewer.

INDUSTRIAL APPLICABILITY

[0039] The present invention can be used to create means for entering apassword to access computer databases, to provide secure access tomobile telephones, terminals of financial transaction systems, as wellas in security systems of protected territories equipped with videomonitors.

What is claimed is:
 1. A method for entering a password to gain accessto a computer database, comprising the steps of: determining parametersof a password entry dynamic image, entering said parameters via a user'sentry device to a computer and storing said parameters; displaying tothe user on a display said dynamic image with the user-determinedparameters; pointing, via time pointing means, at least onepredetermined object of said dynamic image that has taken auser-predetermined position in space and/or state in time; comparingsaid stored parameters of the password entry dynamic image withparameters of said pointed objects of the dynamic image and, responsiveto correspondence between said parameters, identifying the password. 2.The method of claim 1 characterized in that said dynamic image is a setof several screens, each having a time-variable state, whereinappearance of said predetermined object on at least one predeterminedscreen is pointed via the user's time pointing device.
 3. The method ofclaim 2 characterized in that the state of the screen is periodicallyvaried.
 4. The method of claim 2 or 3 characterized in that saidparameters of the dynamic image are selected from the group including anumber of screens, a number of objects displayed on each of the screens,a state modification mode of each of the screens, a state modificationrate of each of the screens, an indication of the order and screen onwhich the objects of the dynamic image are to be selected, an indicationwhich of the screens are significant for entering a password, andcombination of said parameters.
 5. The method of claim 1 characterizedin that said dynamic image is an animated image including animatedobjects that vary position in space and/or state in time, whereinappearance of a predetermined object in at least one position and/orstate is pointed via the user's time pointing device.
 6. The method ofclaim 5 characterized in that said parameters of the dynamic image areselected from the group including a number of animated objects, ananimation rate of the objects, an indication in which order the animatedobjects are to be selected, and an indication which of the animatedobjects are significant for entering the password.
 7. An apparatus forentering a password to gain access to a computer database, comprising auser's entry device for entering parameters of a password entry dynamicimage to a computer; a display for displaying to the user the dynamicimage with the user-selected parameters; time pointing means forpointing at least one predetermined object of the dynamic image that hastaken a user-predetermined position in space and/or state in time; meansfor storing the entered parameters of the password entry dynamic image,comparing said stored parameters with parameters of the pointed objectsof the dynamic image and, responsive to correspondence between theparameters, identifying the password.
 8. The apparatus of claim 7characterized in that said time pointing means comprises at least onecontact means to point the time when actuated by the user.
 9. Theapparatus of claim 7 or 8 characterized in that said time pointing meansis based on at least one entry device selected from the group includinga mouse, a keyboard and a graphic tablet.
 10. The apparatus of any oneof claims 7 to 9 characterized by further comprising means forimplementing a state modification mode of each of the screens, a statemodification rate of each of the screens, an animation rate of objectsof the dynamic image, an order of selection of objects of the dynamicimage on respective screens responsive to a user-entered indicationwhich of the actuated contact means are significant for entering thepassword.
 11. A method for entering a password to gain access to acomputer database, comprising the steps of: setting a predeterminedaccess code in the form of a rhythmic pattern; preliminary entering saidrhythmic pattern via a user's entry device to a computer to store anduse said rhythmic pattern in a subsequent password entry; when enteringthe password, entering said rhythmic pattern via said user's entrydevice; comparing said stored rhythmic pattern with the entered rhythmicpattern and, responsive to correspondence between said rhythmicpatterns, identifying the password.
 12. The method of claim 11characterized in that said user's entry device comprises a set ofcontact means, wherein a predetermined number of contact means and anorder of actuations of the contact means by the user are selected forentering the rhythmic pattern.
 13. The method of claim 11 or 12characterized in that said rhythmic pattern is a fragment of a musiccomposition, wherein said contact means in said set of contact means areassigned functions of keys of a musical instrument.
 14. The method ofclaim 11 characterized in that said user's entry device comprises atleast one contact means, wherein a duration of each actuation of saidcontact means in the sequence of actuations thereof is determined forentering the rhythmic pattern.
 15. The method of claim 13 or 14characterized in that said rhythmic pattern is a combination of long andshort actuations of said contact means.
 16. An apparatus for entering apassword to a computer database, comprising a user's entry device forentering a rhythmic pattern to a computer; means for storing thepre-selected rhythmic pattern entered via the user's entry device; meansfor comparing said stored rhythmic pattern with a rhythmic patternentered by the user at subsequent password entries and, responsive tocorrespondence between said rhythmic patterns, identifying the password.17. The apparatus of claim 16 characterized in that said user's entrydevice is selected from the group including a mouse, a keyboard andcombination thereof, wherein a set of contact means for entering therhythmic pattern is selected from said keyboard and mouse.
 18. Theapparatus of claim 17 characterized in that each element of saidrhythmic pattern corresponds to actuation of one of the contact means.19. The apparatus of claim 17 characterized in that said set of contactmeans includes groups of contact means having the same function so thateach element of said rhythmic pattern corresponds to actuation of anyone of contact means in said group of contact means.